By Bruce Sussman
Thu | Oct 3, 2019 | 8:30 AM PDT

The 17th annual SecureWorld Detroit cybersecurity conference had two days of sessions and panels with relevant insights spilling out all over the place.

Here are 11 of the many, many cybersecurity quotes worth sharing:

1) "Was that technical? No. Did it get the message across? Yes. That's what happens when you use creative approaches to create Security Awareness," said Alexandra Panaretos of EY in her session on security culture and collaboration.

2) Special Agent Chris McMahon of the U.S. Secret Service on Business Email Compromise: "Since 2016, BEC losses have topped $26 billion. And that's just the tip of the iceberg because many are too embarrassed to report it. Everyone, and every organization, is a potential target."

3) Barbara Hiemstra of Steelcase, explaining her Privacy Engineer role, one that an increasing number of organizations now have: "When I visit the developers, I often go with legal in a privacy roadshow type format. You have to present key points of your company's privacy policy in a one-pager that's easy for them to understand. And bring food."

4) Mark Gelhardt, former CIO of The White House, on getting to the top in your cybersecurity career: "Step number one is to have a positive outlook on life. Seriously. You have a greater ability to influence your life outcomes than anyone else."

5) Attorney Kathy Ossian during her legal look at IoT cybersecurity and privacy: "Do we really know who is getting access to that IoT data? And what happens when IoT manufacturers stop supporting a device or simply go out of business?"

6) Steven Fox of WorkForce Software, on leading global security teams, across cultures: "My team in Pakistan wants no uncertainty or ambiguity. Some other cultures are okay with a certain level of this. Either way, it should inform how you communicate to get the job done."

7) Matthew Clapham of GE Healthcare, giving a call to action on increasing your security employee pipeline, internally: "This next week, start noticing those outside your security team who have expressed any interest in cybersecurity. And next, work on developing a program to give those candidates a chance to try security. And during the following quarter, develop a formalized program."

And how about four quotes from Dr. Larry Ponemon, Founder of the Ponemon Institute? These are from our fireside chat in Detroit:

8) "A data breach is about both privacy and security. And security becomes very, very important because you can't have privacy unless you have good security. And if someone tries to say otherwise, they are crazy people."

9) "Your job is not an easy job, and it's really important. But having the management of your organization recognize this is really important as well."

10) "The big cost issue for many organizations is a turnover factor. As you have large breaches, consumers say why would I entrust this organization with my sensitive, confidential information. If you lose less than 1% of the total customers as a result of your data breach, that could translate into tens of millions of dollars of loss."

11) "Many times I'll go in and talk to boards and say, you need to do these things around security. They'll say, yeah, it's important, but it's down the priority list so we'll do it in 2087. Then when they have that breach, the Chairman of the Board will call you up and say, hey, uh, Larry, can we play golf and talk about cybersecurity?"

Dr. Ponemon clearly has a sense of humor!

Thank you to the vibrant cybersecurity community in Detroit. You came together in a huge way at SecureWorld to create the most highly attended security conference in the region.

And organizations will be more secure because of you.
